Back

Transparent Tribe Targets Indian Government, Defense, and Aerospace Sectors Leveraging Cross-Platform Programming Languages

May 24, 2024, 8:27 a.m.

Tags

apt
espionage
2024-05-24
transparent tribe

External References

https://blogs.blackberry.com/

https://otx.alienvault.com/

Description

BlackBerry discovered the Pakistani-based advanced persistent threat group Transparent Tribe (APT36) targeting the Indian government, defense, and aerospace sectors. The group employed cross-platform programming languages, open-source tools, and abused web services for command-and-control and exfiltration. Techniques included spear-phishing, malicious documents, ISO images, and Telegram RATs. Transparent Tribe gathered intelligence by exfiltrating data and stealing browser information. The persistent targeting of critical Indian sectors suggests potential alignment with Pakistan's interests amid heightened geopolitical tensions.

Date

Published Created Modified
May 24, 2024, 7:49 a.m. May 24, 2024, 7:49 a.m. May 24, 2024, 8:27 a.m.

Indicators

fbb65a675deb4d1779ef526b39700122dbc98a554ea19551c4c157f4b7e04a47

facf4ac6c1fa7910e5cae745e1464e9ab20f8b824c257ddb1389e2a33bce898f

f9bc28d533a1114d94ac340aa134111a1277c858f559c8d1a8e70bd88010e836

f516c70f9c52aa2ed7ed14e87435d9b13ef1f1b3a9ae9651b14afb935a359f63

f6c5c6a5356e9e24dec0bc5e19b5182185283339aee313f1fc8988ec0e3c0e22

f124c9b25e7776f23f8407f08a121a503cb3e33ad2d91523e37ad9e97cbb0778

e43a4b0e63c36039b599b60913599ec146d20eeccfe0714c437943dcb67d476f

f0cc7335c65bdf25187120b3a0e4ffe101c8fa31349959fad55457b3134d8af3

eaa15b61db3eb08c6a12b1bf912b36e02a216f2a0462670bc0420c351266ac78

e227e2c4a95d4a5aeb20ee6ae2412691bf20add556de69b8d915aa2ed70226c8

dca41db6ec1c41fd6b529756aeb485d61962d0485791cca84d27a03a14ab1be1

dde37094a8c0f781f978cf5c30b97825f7dd04cf9485f917ee66fe8ae7dab18a

dc224a4c3fe22f51329003f34f6c82264d35bd57553292f4d131f2b168e90a93

dbc76c5a5d46014a420fa9099816b2a6ec771cbb945e8ec8e6ef0ab64d54ef5f

d8da224a59f8bb89577cd7d903e9a142197e85041fdc15c9981601351ac84cd5

d0cb0d96f137b98f9d4396e4e2f54b2ab8fb40c810fc7b776cc6baccb65d44b9

d0a6f7ab5a3607b5ff5cc633c3b10c68db46157fcaf048971cc3e4d7bf1261c0

cc7ef97385fab6a0f91c78f75695feb88b813081fa1a242af7b0807c5f455339

cf12cc1f4951637b51f9587f70fc0154773f42ac8b2d835c454d76bc5a46b206

c5c3aca628cfba97fd453aafd0d6cf38bef5346e2db731e843dac2743a44336c

c1b727d7f5112f5ca9a1a194d41b392dfc16f05fc6b820d2df52541497e95aa1

c5b36889f41efd8afcb795094fd8e653fb0409e9f8393263519329d1f79704fe

c0466a6028120e0644145a60dea89ed27673f7a87fdfb5a24d489ff21d5df6e0

bf9f6248a2f2c756f0b9289d423c60a0d80714e9b2cbd1c5d24313588e12246b

bda9c9003993a8466b6acc5b98ac6272699ce3609f209aee295b7cd80354eb48

bc4ed2f3184404efa3693b9685b759d46a3d97e0a9dade44337358a6bb2812c3

b427c8dc30ae93e27bd497cab40c12b86c15ad0a1df6b30d147a2851f377033a

b1584b4e4f7dead1bc2dd64b8e377cf6edc6fdd14946308c38664b3a141aa5cc

aaa3c7be74fd9d68b11dfffae884c0f54ec614967df7f4f1366796a35081dcb1

a82562e1dc42b13df9390a2fb7361e9e17072a159e0b5ef7be027cf5b46bd05f

9ec5979fc7cbafb3f3fcd3b22fd8e651e5c6ee0d734aefc9ed69c58042e2d7d6

9c1350b332999a13e00c3ec06f850adaacfd6a4a986a980b1a6179cb5e140963

99bd4285e38413c3a961d70cfa6c8b5f8e4ae3b4c559af1d9f213e34d3b56976

999635f52114ca98fbfd5bf1cca9d6dc8030950baaa1a154619bd830238650f5

986599fc4036b6af084a07f348f0cbdf67ce9e6f921f1646ebcca0ddaeb0eef4

9709b0876c2a291cb57aa0646f9179d29d89abb2f8868663147ab0ca4e6c501b

94eb37b28148a8c18e2089031d3409f3dda3a686e9977546727625383b5481a3

935c75d110285f37690779290a1f25c6d689b30952df3f89a7fe506e58664184

91a1e60d1bfc4a4466b50b1c56736e7cd3c66ec80d52aa9a4adf5f8a3bbe29b7

8fd1b61b89d411b5c7962012931c03d62cd54421b687590428884acfbdc675ba

8de4300dc3b969d9e039a9b42ce4cb4e8a200046c14675b216cceaf945734e1f

8878675e78fddfd8ae7ce556001d4c1ba858f8fa3a70be96887f7ad465473496

887705a01d3690c59905fa7bf325680186647034d246067f88a0053595ac081f

846a455ffcd39fa8cbe0f9baf3bb45af7a180f37c0f64bf5637a5c9cb583225b

7bec5922cc4bc324d9efd1a3a638f05472cb39637f0bf18b97ccdac3793f281a

7b32225ac9914523a25b446c4fcbb1d526c4d258ff381283c807e7025819fa5c

78480e7c9273a66498d0514ca4e959a2c002f8f5578c8ec9153bb83cbcc2b206

6e72d77ace615031665dcab518cede60b030bd97d367234ac2f4627be8510349

60fbf6840c45017681761b908ded2d3eff5c31a22161cee8f0df20080d483717

5975d9a448e090ea31adc2018442740c66e5c1adf9206b830e4514ffc130fb15

544f7462dc0d61491b7502df6836692dff680a6a562ba2d8b81c127c355be840

5465015abd3dcbaac1fa56666d09df15a35402d0aa5a5d3988b681c88101d826

51d8e84d93c58a3e6dadbd27711328af797ac1d96dfad934d8b8a76252695206

51a372fee89f885741515fa6fdf0ebce860f98145c9883f2e3e35c0fe4432885

4f7036b1eba034dde6f1f403acb56b0fad3e5a2ae9a39a20d12a0979875d33b3

4ee950ffaa4acd3c170b010f66cdbd60dfa7f8e2ddf846e886669586b29e0476

44c8d8590197cf47adfd59571a64cd8ccce69ca71e2033abb2f7cf5323e59b85

32da4d6f26f08be430e57d3e893af9db3b838842026bf020d3a297275adf2d82

320a792ff9efcdaf56bdc828d0b352221f3e3c0f89192e17648768aa9f51dff7

2dd9dfd6a3e07d8328066b754f0cd5ce16529b4e0782d2a9257faf68abab92b9

26c28425acb142e84a3b2247e852ef1f4874e9222278c3054b5df9213f25318b

1e657d3047f3534dcd4539ce54db9f5901f7e53999bae340a850cc8d2aacc33c

260652503af6002cfd990b3220fe3c398ccab8760e10e2e2565e5205d0dc02ea

15ad46f8810f7e22d13e8768f88cab1a2eaa1b98693d0ab04253e4fd31ffc9b4

0f0e7039700e1003ecd803616a28e563f885849d17508c7bfe958a2220b566d0

1544649fca4a93f1fd8427ae175878209301b2c1ba2555bfd206812e19705f42

0dce569bd77fcf83bf6a2cd4da5165bca374347e5fb5f7f532c8d281c8382c3e

0ce544e7a5bfbd7128a8c3cd0a82802d1b7829530f15e02883ef3dd7c38d97a2

08f277125e581b07ba79b7bc4d80790643f6009dbe1b6119900ccce42b66fd17

050b5e3b2e712254afee94fb2a459947c76e405ca735f839c9cc7d3f6bf124e9

d9f29a626857fa251393f056e454dfc02de53288ebe89a282bad38d03f614529

dab645ecb8b2e7722b140ffe1fd59373a899f01bc5d69570d60b8b26781c64fb

a811a2dea86dbf6ee9a288624de029be24158fa88f5a6c10acf5bf01ae159e36

69c3a92757f79a0020cf1711cda4a724633d535f75bbef2bd74e07a902831d59

64aff0e1f42f45458dcf3174b69d284d558f7dac24a902438e332e05d0d362ef

4fa0e396cda9578143ad90ff03702a3b9c796c657f3bdaaf851ea79cb46b86d7

4a287fa02f75b953e941003cf7c2603e606de3e3a51a3923731ba38eef5532ae

4455ca4e12b5ff486c466897522536ad753cd459d0eb3bfb1747ffc79a2ce5dd

0ac787366bb435c11bf55620b4ba671b710c6f8924712575a0e443abd9922e9f

7158dafa56c694de8ae4a1969cc8575ddc4374bb179f58769a23ccb70186d072

Attack Patterns

pyshellfox

globshell

poseidon

transparent tribe

T1053.003

T1027.001

T1217

T1059.006

T1588.002

T1566.002

T1547.001

T1059.004

T1113

T1204.002

T1082

T1566.001

T1140

Additional Informations

India